SSL certificates

An SSL certificate is basically code which is set up on your server to encrypt information as it is passed from a User's computer to your website.

When someone fills their credit card details in on your site and clicks "submit" that information needs to go from their screen (across cyber space, if it helps you to visualise it!) into your website's database. In that fraction of a second it takes for the information to be tranferred, you don't want any nasty hacker intercepting it and stealing the credit card information. A SSL certificate means that even if someone did get their hands on it, it would be encrypted - supposedly in a way which they can't thenunencrypted.

Having a SSL certificate doesn't mean your database is any more secure and doesn't mean your actual server is any different - you still need to be very careful with security around those aspects. It just means that sensitive information is secure whilst it's in transit.

If you have a valid SSL certificate on your website, it is often obvious to your visitors via a green strip in the address bar. If there is an issue with your certificate, your visitors might see a red warning - not always fairly - and so you'd want to address this just for peace of mind.

In the instance below, Chrome and my anti-virus software think the SSL certificate could be better - overall the site is encrypted but the red warning could be off putting as most people won't click on it for further information.

Do I need a SSL certificate?

If you're collecting credit card information, then YES you most certainly do! Although, depending on the scale of your enterprise you should maybe avoid this minefield completely and use a payment merchant to process your sales for you so you never actually come into contact with any credit card details yourself. You can read more about this in our selling online section.

If you're collecting people's addresses then a SSL certificate isn't necessarily essential, but it's a good idea and it can give people reassurance that your site is trustworthy.

How do I get a SSL certificate?

Ask your web developer, but typically you can buy them through your hosting company. Prices vary from around £30/$50 to hundreds as there are different levels of security available. Some of the different levels refer to the different vetting that's required - for example, sometimes you just order them online and click a link in an email as verification of who you are, whereas sometimes for the more secure options an independent issuing body has to actually find your details in the public sphere and contact you via them to verify you exist. In the past I've needed a registered accountant to confirm I was who I was saying I was!